CAQH ProView Security and Privacy

The confidentiality, integrity, availability and safeguard of CAQH information and the privacy of system users are critical priorities for CAQH. CAQH has implemented information security policies, standards, guidelines, processes, procedures, and best practices to strengthen its security program and to protect its information assets. CAQH ProView, COB Smart and VeriFide solutions are designed to be compliant with laws and regulations relating to the security and privacy of Protected Health Information (PHI) and Personally Identifiable Information (PII). CAQH utilizes HITRUST framework and SIG processes to assure best practice security and privacy is implemented in its data protection programs.

The CAQH ProView, COB Smart and VeriFide solutions are housed in secure datacenters where multiple physical and electronic safeguards are implemented. Secure Internet access to application screens, use of passwords and certificates are used to help ensure only authorized use of the system. Powerful Transport Layer Security (TLS) encrypts the data in transition; the database content is also encrypted at rest (utilizing AES 256 or better), and in backup to prevent unauthorized access to CAQH ProView, COB Smart and VeriFide solutions. Multi-factor authentication is utilized for administrators and users with privileged access, and only authenticated users have access to restricted data. Virus detection mechanisms are used to help ensure that the database and the websites are free of viruses. Routine encrypted back-ups protect volatile system data and are secured in an off-site storage facility.

CAQH also utilizes Security Information and Event Management (SIEM) tool to monitor its security posture on a real-time basis to enhance its security posture. CAQH also uses automated incident management and response tools to effectively and efficiently cope with any incidents. In addition, CAQH conducts penetration testing on all its solutions. These tests are conducted by an independent 3rd party. All findings are remediated on a timely manner based on their severity and risk.

CAQH believes that our commitment to data security and our business philosophy about working with organizations based in the U.S. are the central reasons that CAQH solutions are trusted, highly valued service for more than 1.5 million healthcare providers and hundreds of plans and business partners. We welcome your continued participation.